Protection of admin pages

How to protect administration pages from being entered?
I put a login form on my start page (index.php), and if the user enters correct
data, the script redirects him to the page admin/admin.php. That works fine!
But if someone types admin/admin.php in the browser, it enters the same page
without login. How to prevent this?

Re: Protection of admin pages

Set a session upon login and check if it is present on admin.php.

Re: Protection of admin pages

You put login checking on *EVERY* *SINGLE* *PAGE*.  (Usually it's
in one file defining a function or class included from everywhere
else).  The checking usually looks at session data to see if you're
logged in, and the login hasn't expired, and if not, redirects you
to the login page.

If you're not using sessions, you probably check cookies.  Remember
that session data like $_SESSION['logged_in'] = true is hard to
spoof, but $_COOKIE['logged_in'] = true is easy to spoof.

                        Gordon L. Burditt
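
The session check described in the replies above, as an added example that is not part of the original thread. The file name `auth.php`, the functions `require_login()`, `session_is_valid()` and `mark_logged_in()`, the `last_seen` key, the 15-minute idle limit and the `/index.php` redirect path are assumptions; only `$_SESSION['logged_in']`, `index.php` and `admin/admin.php` come from the posts.

```php
<?php
// auth.php: hypothetical include file, loaded first by every protected page.
// Usage at the very top of admin/admin.php, before any output:
//     require __DIR__ . '/../auth.php';
//     require_login();

const IDLE_LIMIT = 900; // assumed idle timeout, in seconds

// Pure decision: is this session logged in and not yet expired?
function session_is_valid(array $session, int $now): bool
{
    if (($session['logged_in'] ?? false) !== true) {
        return false; // never logged in, or flag has the wrong type
    }
    $last = $session['last_seen'] ?? 0;
    return is_int($last) && ($now - $last) <= IDLE_LIMIT;
}

// Gate for protected pages: send anyone without a valid session to the login form.
function require_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!session_is_valid($_SESSION, time())) {
        $_SESSION = [];                  // drop stale or partial state
        header('Location: /index.php');  // assumed location of the login form
        exit;                            // the header alone does not stop the script
    }
    $_SESSION['last_seen'] = time();     // sliding expiry: activity extends the login
}

// Called by index.php only after it has verified the submitted credentials.
function mark_logged_in(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);         // fresh session id once the user is authenticated
    $_SESSION['logged_in'] = true;
    $_SESSION['last_seen'] = time();
}
```

The `exit` after the redirect matters: without it the rest of admin.php still runs and its output is sent to a client that ignores the `Location` header.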

Re: Protection of admin pages

Another possibility is that you create a .htaccess file in that
folder. Details can be found in the Apache manual.
